Senior Application Security Engineer (AU)

Work with cutting edge technology, making the world a safer and more secure place. DroneShield (ASX:DRO) offers an opportunity to solve some of world’s most challenging technical problems in the Electronic Warfare, Artificial Intelligence and Machine Learning, RF sensing, Sensor Fusion and distributed systems. Working with high profile customers across militaries, government agencies, airports, critical infrastructure, law enforcement and many others.

 

With an approximately $1bn market capitalisation and having raised approximately $250m in 2024 alone, DroneShield is undergoing hypergrowth stage, fuelled by rapidly increasing use of drones for nefarious applications, from battlefield, to terrorism, to contraband delivery and commercial espionage.

 

This role is in the DroneShield Sydney headquarters in Pyrmont, Sydney. There are approximately 200 staff based in the 4,000sqm facility today, scheduled to grow to approximately 300 staff by end of 2026. Overseas on the ground presence includes Virginia (USA), Denmark, Germany and Dubai, as well as distributors in over 70 countries globally.

About the roleDroneShield is seeking a Senior Application Security Engineer and Pentester with relevant experience to join the team in Sydney, NSW.
The ideal candidate will be responsible for enhancing a secure SDLC framework and application defences additionally conducting sophisticated security assessments.
Key responsibilities include assuring the security of Production Applications and Platforms, using your initiative to enhance our secure SDLC, CICD platform and reduce Toil for Engineers. The role also involves managing multiple concurrent projects.
The successful candidate should have a strong background in computer science or relevant certifications, demonstrated experience in application security in high-stakes environments, and deep technical expertise in modern app security and application architectures. They should also possess effective communication skills. This position offers the opportunity to contribute to the security of a platform with complex threat models. There will also be opportunities for Red Teaming and exposure to Hardware and Embedded security.

Responsibilities, Duties and Expectations 

• Develop an advanced secure SDLC framework, incorporating automation, machine learning, and contextual threat analysis
• Ensure software meets high security, privacy, and compliance standards
• Enhance web application and API defenses using latest techniques
• Conduct sophisticated security assessments and penetration testing
• Support developer productivity by prioritising developer tooling that reduces Toil and improves User Experience
• Own key metrics around product security incidents and risk trends
• Promote continuous learning and improvement within the team
• Manage multiple concurrent projects and solve cross-product problems
• Establish partnerships and champion quality throughout the organisation

Qualifications, Experience and Skills 

• BS degree in Computer Science, Information Technology or similar technical field of study or equivalent practical experience.
• Demonstrated experience working in application security in high-stakes environments
• Minimum 5 years’ experience in related roles. Roles could include:
  • Security Engineer
  •  Application Security Engineer
  •  Reverse Engineer
  •  Software Engineer
  •  Penetration Tester
• Knowledge of the following would also be essential:
  •  Comfortable on the command line in a Linux first environment
  • Penetration Testing
  • Application Security Reviews and Threat Modelling
  • Can write software (Python, Go, etc.) and peer review code / implementation / automation scripts
  • Familiarity with RESTful, RPC APIs
  • Modern app security and application architectures
  • Strong expertise in software engineering best practices
  • working within production environments and understanding security risks in Continuous Integration/Delivery
  •  SAST, DAST, SCA
• Knowledge of the following would also be desirable:
  • Red Teaming, reverse engineering, security research
  • Cloud Security (Azure/AWS)
  • Developing and implementing automated security testing tools
  • Hardware and Embedded Security

Note for recruitment agencies: we do not accept floated candidates from external recruiters unless they were instructed to do so.